<?php 
	if(isset($_GET['control']) && $_GET['control'] == "insert"){
		if(@$errors == "")
		{
			if($filename<>""){
				uploadFile("users","uploadfile");
			}
			if(@$errors == "")
			{
				$sql="INSERT INTO  tbl_user (full_name,user_name,password,email,type,active,photo)
				VALUES ('$fullName','$userLog','$pass','$email','$userType','$active','$filename')";
				if(query($sql))
				{
					pageRedirect("index.php?page=user_list&action=user_new&","Successful...!");
					
				}else{
					deleteFile("users/".$filename);
				}
			}				
		}	
	}
	
	if(isset($_GET['control']) && $_GET['control'] == "update"){	
		
		if(@$errors == "")
		{
			if($filename != "")
			{
				uploadFile("users","uploadfile");
				if(@$errors == "")
				{
					//concetenate field name
					$fieldimage = ", photo='$filename'";
				}				
			}							
		}
		if(@$errors == "")
		{
				if($pass!=""){
					$sql = "UPDATE tbl_user SET  full_name='$fullName'
						, user_name='$userLog',password='$pass',
						email='$email',type='$userType',active='$active'  
						{$fieldimage} WHERE user_id=$_GET[user_id]";
				}else{
					$sql = "UPDATE tbl_user SET  full_name='$fullName',
						 user_name='$userLog',email='$email',type='$userType',
						 active='$active' {$fieldimage} WHERE user_id=$_GET[user_id]";
				}
				
				if(query($sql))
				{
					if($filename != "")
					{
						deleteFile("users/{@$oldfilename}");	
					 	$filename = $filename;
					}
					pageRedirect("index.php?page=user_list&action=user_list&","Updated successful...!");
				}									
		}	
	}
	
	if(isset($_GET['control']) && $_GET['control'] == "delete"){
		$user_id=$_REQUEST['user_id'];
		$photo= $_REQUEST['photo'];
		$sql = "DELETE FROM tbl_user
				WHERE user_id = '$user_id'";
		mysql_query($sql);
		if(query($sql))
		{
			deleteFile("users/{$photo}");	
			pageRedirect("index.php?page=user_list&action=user_list&","Deleted successful...!");
		}

	}
	
	if(isset($_GET['control']) && $_GET['control'] == "publish"){
		function updatePublish($publish)
		{	
			$publish = $publish == 1 ? 0 : 1;
			$user_id = $_REQUEST["user_id"];
			$sql = "UPDATE tbl_user SET active={$publish} WHERE user_id=$user_id";
			query($sql);
			pageRedirect("index.php?page=user_list&action=user_list&","Active successful...!");	
		}
		if(isset($_REQUEST["active"]))
		{
			updatePublish($_REQUEST["active"]);
			
		}
	}
	
	

?>